[kimhaze73]

My computer has been hijacked I cant open my admin services and when I do open it it wont show me anything also I try to go to windowsupdate and my browser wont open. I cant click on certain links. I have downloaded several antivirus tools but there not helping here is a copy of my hijack file thanks!!

Logfile of HijackThis v1.99.1
Scan saved at 2:13:18 PM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Hazekim\Desktop\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sbqaw.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,evwdhyw.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/game...ts/y/yt1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/game...ts/y/nt1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1140460145484
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WON...herControl.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/c...ploader_v6.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\guard.tmp
O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\u6ru0g99e6.dll (file missing)

[Flrman1]

* Click here to download Look2Me-Destroyer.exe and save it to your desktop.

• Close all windows before continuing.
• Double-click Look2Me-Destroyer.exe to run it.
• Put a check next to Run this program as a task.
• You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
• When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
• Once it's done scanning, click the Remove L2M button.
• You will receive a Done Scanning message, click OK.
• When completed, you will receive this message:
  • Done removing infected files! Look2Me-Destroyer will now shutdown your computer
• Click OK then your computer will shutdown.
• Wait 60 seconds then turn your computer back on.
• Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new...b/MSWINSCK.OCX

[Flrman1]

Did you run that Hijack This scan in safe mode? It looks like you did. After you run the Look2medestroyer, run Hijack This in normal mode and post a new log from normal mode.

Also it appears that you have either disabled some startups via msconfig or youfixed some O4 or other entries with Hijack This. Did you do either of those?

Another thing I'd like you to do is open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.

[Flrman1]

Also where is you antivirus? Do you have one?

[kimhaze73]

I cant open the look2me file I have tried to restart my computer 2 times. I downloaded all kinds of antivirus programs but I did uninstall them because they werent working.

here is my uninstall list:

3D Groove Playback Engine
Adobe Reader 7.0.8
AOL Instant Messenger
BCM V.92 56K Modem
Broadcom 440x Driver Installer
Broadcom Advanced Control Suite
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
CCleaner (remove only)
Classic PhoneTools
Dell Digital Jukebox Driver
Dell Modem-On-Hold
Dell ResourceCD
ewido anti-spyware 4.0
Google Toolbar for Internet Explorer
HijackThis 1.99.1
hp deskjet 3500
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
Intel(R) Extreme Graphics Driver
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 7
Kim Possible
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Baseline Security Analyzer 2.0
Modem Helper
Musicmatch® Jukebox
Nero PhotoShow Express
Nero Suite
PartyCasino
PartyPoker
PCPitstop Panda AntiVirus Scan (remove only)
PowerDVD
Quick Macros 2
Secure Game Player
SoundMAX
Windows Genuine Advantage v1.3.0254.0
Windows Media Format Runtime
Windows Media Player 10
Windows Overlay Components
Windows Support Tools
Windows XP Service Pack 2
WONplay
WordPerfect Office 2002
WordPerfect Office 2002
Yahoo! Toolbar

[Flrman1]

What do you mean "I cant open the look2me file"? That is quite vague. What happens when you try to open it?